package com.vincent.template.controller;

import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

/**
 * spring security权限校验演示
 * 登录地址：localhost:9001/login
 * 管理员：wang001/wang001
 * 普通用户：wang002/wang002
 *
 * @author Vincent Wang
 * @date 2020/12/30 15:38
 */
@RestController
@RequestMapping("/demo")
public class DemoController {

    // 基于角色Code校验
    @GetMapping("/roleAdmin")
    @PreAuthorize("hasAnyRole('ADMIN')")
    public String roleAdmin() {
        return "roleAdmin";
    }
    @GetMapping("/roleUser")
    @PreAuthorize("hasAnyRole('USER')")
    public String roleUser() {
        return "roleUser";
    }

    // 基于权限Code校验
    @GetMapping("/authAdmin")
    @PreAuthorize("hasAnyAuthority('demo:authAdmin')")
    public String authAdmin() {
        return "authAdmin";
    }
    @GetMapping("/authUser")
    @PreAuthorize("hasAnyAuthority('demo:authUser')")
    public String authUser() {
        return "authUser";
    }

    // 基于数据库动态URL权限校验
    @GetMapping("/dbAdmin")
    public String dbAdmin() {
        return "dbAdmin";
    }
    @GetMapping("/dbUser")
    public String dbUser() {
        return "dbUser";
    }

}